CSCwr76026-ASA version 9.22.2.14 Secure Client VPN performance drop

dan-lawley · ‎11-19-2025

Hi,

Is there any progress on this issue or projected time of fix?

This is affecting multiple of our ASA's and there is no way of rolling back due to vulnerabilities.

Thanks

Mark Elsen · ‎11-19-2025

- @dan-lawley The bug report contains : Click here to see the fixed versions and a detailed RNE: CSCwr62800
That being said when looking at https://bst.cisco.com/bugsearch/bug/CSCwr62800
It has a Fixed status but Known Fixed Releases is empty

That means that developers have resolved the issue , but it not yet incorporated in a production
release. Contact TAC to get an ETA on that

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

dan-lawley · ‎11-24-2025

Hi,

So is the recommended fix to roll back to 9.22.2.13, which has known vulnerabilities?

Kind regards

Dan

Mark Elsen · ‎11-24-2025

- @dan-lawley No it's recommended to contact TAC about https://bst.cisco.com/bugsearch/bug/CSCwr62800
and ask when the fixed release will become available ,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

mbond996 · ‎11-27-2025

Cisco TAC won't give us a timescale unfortunately, if it's any consolation - our users are experiencing the same issues, particularly when using anyconnect.

dan-lawley · ‎11-27-2025

I got a response from TAC

"Kindly note that I have checked internally in our database , I could see after upgrading the ASAv to 9.23.1.19 latency was fixed in similar cases."

We are going to be applying the upgrade soon, Ill let you know how it goes.

Thanks

mbond996 · ‎11-27-2025

Thanks Dan, I've also just noticed that version 9.22.2.20 has recently been released and CSCwr62800 is listed as fixed in the release notes.

Couple of options for us to resolve this problem.

dan-lawley · ‎12-02-2025

Hi,

Just wanted to give you guys an update, we upgraded to 9.22.2.20 last night and its even worse than before. Averaging 221ms to our ASA now.

Our next option is to go for 9.23.1 which is not ideal as its not been updated since March.

Thanks

mbond996 · ‎12-02-2025

Strange you've had a different experience to me, the upgrade to 9.22.2.20 has resolved the latency issue for us and our VPN users are now happy with the performance.

Thanks

mbond996 · ‎12-02-2025

We're running an ASAv10 on ESXi 8.0 U2, if that carries any significance..

dan-lawley · ‎12-03-2025

HI,

This is two examples of the types of latency we are experiencing while connected to the VPN, the first ping is to our app server and second ping is to the ASA.

Pinging x.x.x.x with 32 bytes of data:
Reply from x.x.x.x: bytes=32 time=687ms TTL=126
Reply from x.x.x.x: bytes=32 time=987ms TTL=126
Reply from x.x.x.x: bytes=32 time=973ms TTL=126
Reply from x.x.x.x: bytes=32 time=1413ms TTL=126

Pinging x.x.x.x with 32 bytes of data:
Reply from x.x.x.x: bytes=32 time=416ms TTL=255
Reply from x.x.x.x: bytes=32 time=576ms TTL=255
Reply from x.x.x.x: bytes=32 time=394ms TTL=255
Reply from x.x.x.x: bytes=32 time=695ms TTL=255

Some examples of the pings without the vpn -

Pinging x.x.x.x with 32 bytes of data:
Reply from x.x.x.x: bytes=32 time=14ms TTL=122
Reply from x.x.x.x: bytes=32 time=14ms TTL=122
Reply from x.x.x.x: bytes=32 time=15ms TTL=122
Reply from x.x.x.x: bytes=32 time=14ms TTL=122

Pinging x.x.x.x with 32 bytes of data:
Reply from x.x.x.x: bytes=32 time=14ms TTL=250
Reply from x.x.x.x: bytes=32 time=16ms TTL=250
Reply from x.x.x.x: bytes=32 time=15ms TTL=250
Reply from x.x.x.x: bytes=32 time=16ms TTL=250

any help would be appreciated!

Thanks

Dan